chromium-browser (67.0.3396.79-2) unstable; urgency=medium . * Use embedded ffmpeg code copy (closes: #900533). chromium-browser (67.0.3396.79-1) unstable; urgency=medium . * New upstream security release. - CVE-2018-6148: Incorrect handling of CSP header. Reported by Michał Bentkowski chromium-browser (67.0.3396.62-2) unstable; urgency=medium . * Fix build on arm64/armhf chromium-browser (67.0.3396.62-1) unstable; urgency=medium . * New upstream stable release. - CVE-2018-6123: Use after free in Blink. Reported by Looben Yang - CVE-2018-6124: Type confusion in Blink. Reported by Guang Gong - CVE-2018-6125: Overly permissive policy in WebUSB. Reported by Yubico - CVE-2018-6126: Heap buffer overflow in Skia. Reported by Ivan Fratric - CVE-2018-6127: Use after free in indexedDB. Reported by Looben Yang - CVE-2018-6128: uXSS in Chrome on iOS. Reported by Tomasz Bojarski - CVE-2018-6129: Out of bounds memory access in WebRTC. Reported by Natalie Silvanovich - CVE-2018-6130: Out of bounds memory access in WebRTC. Reported by Natalie Silvanovich - CVE-2018-6131: Incorrect mutability protection in WebAssembly. Reported by Natalie Silvanovich - CVE-2018-6132: Use of uninitialized memory in WebRTC. Reported by Ronald E. Crane - CVE-2018-6133: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6134: Referrer Policy bypass in Blink. Reported by Jun Kokatsu - CVE-2018-6135: UI spoofing in Blink. Reported by Jasper Rebane - CVE-2018-6136: Out of bounds memory access in V8. Reported by Peter Wong - CVE-2018-6137: Leak of visited status of page in Blink. Reported by Michael Smith - CVE-2018-6138: Overly permissive policy in Extensions. Reported by François Lajeunesse-Robert - CVE-2018-6139: Restrictions bypass in the debugger extension API. Reported by Rob Wu - CVE-2018-6140: Restrictions bypass in the debugger extension API. Reported by Rob Wu - CVE-2018-6141: Heap buffer overflow in Skia. Reported by Yangkang - CVE-2018-6142: Out of bounds memory access in V8. Reported by Choongwoo Han - CVE-2018-6143: Out of bounds memory access in V8. Reported by Guang Gong - CVE-2018-6144: Out of bounds memory access in PDFium. Reported by pdknsk - CVE-2018-6145: Incorrect escaping of MathML in Blink. Reported by Masato Kinugawa - CVE-2018-6147: Password fields not taking advantage of OS protections in Views. Reported by Michail Pishchagin chromium-browser (67.0.3396.57-1) experimental; urgency=medium . * New upstream beta release. * Ignore more compiler warnings. chromium-browser (67.0.3396.56-1) experimental; urgency=medium . * New upstream beta release. chromium-browser (67.0.3396.48-1) experimental; urgency=medium . * New upstream beta release. * Indicate that binary rules do not require root. * Change maintainer address to chromium-browser@packages.debian.org. * Drop widevine adapter package, no longer supported upstream (chromium should automatically detect and use libwidevinecdm.so without the extra adapter library now). chromium-browser (66.0.3359.181-1) unstable; urgency=medium . * New upstream security release. - CVE-2018-6120: Heap buffer overflow in PDFium. Reported by Zhou Aiting - CVE-2018-6121: Privilege Escalation in extensions. - CVE-2018-6122: Type confusion in V8. chromium-browser (66.0.3359.139-1) unstable; urgency=medium . * New upstream security release. - CVE-2018-6118: Use after free in Media Cache. Reported by Ned Williamson * Enable jumbo build. * Recommend libgl1-mesa-dri. chromium-browser (66.0.3359.117-1) unstable; urgency=medium . * New upstream stable release. - CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson - CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson - CVE-2018-6087: Use after free in WebAssembly. Reported by Anonymous - CVE-2018-6088: Use after free in PDFium. Reported by Anonymous - CVE-2018-6089: Same origin policy bypass in Service Worker. Reported by Rob Wu - CVE-2018-6090: Heap buffer overflow in Skia. Reported by ZhanJia Song - CVE-2018-6091: Incorrect handling of plug-ins by Service Worker. Reported by Jun Kokatsu - CVE-2018-6092: Integer overflow in WebAssembly. Reported by Natalie Silvanovich - CVE-2018-6093: Same origin bypass in Service Worker. Reported by Jun Kokatsu - CVE-2018-6094: Exploit hardening regression in Oilpan. Reported by Chris Rohlf - CVE-2018-6095: Lack of meaningful user interaction requirement before file upload. Reported by Abdulrahman Alqabandi - CVE-2018-6096: Fullscreen UI spoof. Reported by WenXu Wu - CVE-2018-6097: Fullscreen UI spoof. Reported by xisigr - CVE-2018-6098: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6099: CORS bypass in ServiceWorker. Reported by Jun Kokatsu - CVE-2018-6100: URL spoof in Omnibox. Reported by Lnyas Zhang - CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools . Reported by Rob Wu - CVE-2018-6102: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6103: UI spoof in Permissions. Reported by Khalil Zhani - CVE-2018-6104: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6105: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6106: Incorrect handling of promises in V8. Reported by lokihardt - CVE-2018-6107: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6108: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6109: Incorrect handling of files by FileAPI. Reported by Dominik Weber - CVE-2018-6110: Incorrect handling of plaintext files via file:// . Reported by Wenxiang Qian - CVE-2018-6111: Heap-use-after-free in DevTools. Reported by Khalil Zhani - CVE-2018-6112: Incorrect URL handling in DevTools. Reported by Rob Wu - CVE-2018-6113: URL spoof in Navigation. Reported by Khalil Zhani - CVE-2018-6114: CSP bypass. Reported by Lnyas Zhang - CVE-2018-6115: SmartScreen bypass in downloads. Reported by James Feher - CVE-2018-6116: Incorrect low memory handling in WebAssembly. Reported by Chengdu Security Response Center - CVE-2018-6117: Confusing autofill settings. Reported by Spencer Dailey - Fixes proxy time out error (closes: #892994). - Removes not implemented messages (closes: #893799). * Remove third_party/chromite from the upstream tarball (closes: #895076). chromium-browser (66.0.3359.26-2) unstable; urgency=medium . [ Michael Gilbert ] * Build using gcc6. * Move version control to salsa.debian.org. * Change maintainer address to chromium-browser@tracker.debian.org. . [ Riku Voipio ] * [arm64/armhf] Fix neon autodetection with patch from upstream * [armhf] drop debug symbols chromium-browser (66.0.3359.26-1) experimental; urgency=medium . * New upstream release. * Use threaded compression while repacking the upstream tarball. chromium-browser (66.0.3359.22-3) experimental; urgency=medium . * Build pdfium using the system openjpeg library. chromium-browser (66.0.3359.22-2) experimental; urgency=medium . * Fix typo in vpx patch. chromium-browser (66.0.3359.22-1) experimental; urgency=medium . * New upstream release. - Fixes swiftshader library loading error (closes: #864606). chromium-browser (65.0.3325.146-4) unstable; urgency=medium . * Fix another incomplete type build error (closes: #892891). chromium-browser (65.0.3325.146-3) unstable; urgency=medium . * Fix incomplete type build error. chromium-browser (65.0.3325.146-2) unstable; urgency=medium . * Fix a few gcc build warnings. * Apply upstream's fix for a bug in gcc7's handling of non-copyable types (closes: #890954). chromium-browser (65.0.3325.146-1) unstable; urgency=medium . * New upstream stable release release. - CVE-2018-6056: Incorrect derived class instantiation in V8. Reported by lokihardt - CVE-2018-6060: Use after free in Blink. Reported by Omair - CVE-2018-6061: Race condition in V8. Reported by Guang Gong - CVE-2018-6062: Heap buffer overflow in Skia. Reported by Anonymous - CVE-2018-6057: Incorrect permissions on shared memory. Reported by Gal Beniamini - CVE-2018-6063: Incorrect permissions on shared memory. Reported by Gal Beniamini - CVE-2018-6064: Type confusion in V8. Reported by lokihardt - CVE-2018-6065: Integer overflow in V8. Reported by Mark Brand - CVE-2018-6066: Same Origin Bypass via canvas. Reported by Masato Kinugawa - CVE-2018-6067: Buffer overflow in Skia. Reported by Ned Williamson - CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab. Reported by Luan Herrera - CVE-2018-6069: Stack buffer overflow in Skia. Reported by Wanglu & Yangkang - CVE-2018-6070: CSP bypass through extensions. Reported by Rob Wu - CVE-2018-6071: Heap bufffer overflow in Skia. Reported by Anonymous - CVE-2018-6072: Integer overflow in PDFium. Reported by Atte Kettunen - CVE-2018-6073: Heap bufffer overflow in WebGL. Reported by Omair - CVE-2018-6074: Mark-of-the-Web bypass. Reported by Abdulrahman Alqabandi - CVE-2018-6075: Overly permissive cross origin downloads. Reported by Inti De Ceukelaire - CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink. Reported by Mateusz Krzeszowiec - CVE-2018-6077: Timing attack using SVG filters. Reported by Khalil Zhani - CVE-2018-6078: URL Spoof in OmniBox. Reported by Khalil Zhani - CVE-2018-6079: Information disclosure via texture data in WebGL. Reported by Ivars Atteka - CVE-2018-6080: Information disclosure in IPC call. Reported by Gal Beniamini - CVE-2018-6081: XSS in interstitials. Reported by Rob Wu - CVE-2018-6082: Circumvention of port blocking. Reported by WenXu Wu - CVE-2018-6083: Incorrect processing of AppManifests. Reported by Jun Kokatsu * Enable support for vp9 (closes: #891831). chromium-browser (65.0.3325.74-1) experimental; urgency=medium . [ Michael Gilbert ] * New upstream release. * Update to debhelper 11. * Update standards version. * Remove third_party/llvm from the upstream tarball. * Drop -fno-delete-null-pointer from debian/rules, applied upstream now. . [ Riku Voipio ] * Fix skia build on arm64, (closes: #891062) * Set some armhf specific gn args to help linking chromium-browser (65.0.3325.73-1) experimental; urgency=medium . * New upstream beta release. * Recommend libu2f-udev (closes: #890239). * Add support ffmpeg 3.5 (closes: #888387). * Remove icc_profiles from the upstream tarball. chromium-browser (64.0.3282.119-2) unstable; urgency=medium . * Drop chromecast patch (closes: #884173). chromium-browser (64.0.3282.119-1) unstable; urgency=medium . * New upstream stable release. - CVE-2017-15420: URL spoofing in Omnibox. Reported by Drew Springall - CVE-2017-15429: UXSS in V8. Reported by Anonymous - CVE-2018-6031: Use after free in PDFium. Reported by Anonymous - CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu - CVE-2018-6033: Race when opening downloaded files. Reported by Juho Nurminen - CVE-2018-6034: Integer overflow in Blink. Reported by Tobias Klein - CVE-2018-6035: Insufficient isolation of devtools from extensions. Reported by Rob Wu - CVE-2018-6036: Integer underflow in WebAssembly. Reported by The UK's National Cyber Security Centre - CVE-2018-6037: Insufficient user gesture requirements in autofill. Reported by Paul Stone - CVE-2018-6038: Heap buffer overflow in WebGL. Reported by cloudfuzzer - CVE-2018-6039: XSS in DevTools. Reported by Juho Nurminen - CVE-2018-6040: Content security policy bypass. Reported by WenXu Wu - CVE-2018-6041: URL spoof in Navigation. Reported by Luan Herrera - CVE-2018-6042: URL spoof in OmniBox. Reported by Khalil Zhani - CVE-2018-6043: Insufficient escaping with external URL handlers. Reported by 0x09AL - CVE-2018-6045: Insufficient isolation of devtools from extensions. Reported by Rob Wu - CVE-2018-6046: Insufficient isolation of devtools from extensions. Reported by Rob Wu - CVE-2018-6047: Cross origin URL leak in WebGL. Reported by Masato Kinugawa - CVE-2018-6048: Referrer policy bypass in Blink. Reported by Jun Kokatsu - CVE-2018-6049: UI spoof in Permissions. Reported by WenXu Wu - CVE-2018-6050: URL spoof in OmniBox. Reported by Jonathan Kew - CVE-2018-6051: Referrer leak in XSS Auditor. Reported by Antonio Sanso - CVE-2018-6052: Incomplete no-referrer policy implementation. Reported by Tanner Emek - CVE-2018-6053: Leak of page thumbnails in New Tab Page. Reported by Asset Kabdenov - CVE-2018-6054: Use after free in WebUI. Reported by Rob Wu chromium-browser (63.0.3239.84-1) unstable; urgency=medium . * New upstream stable release. * Update standards version to 4.1.2. * Stricter default master preferences. * Avoid showing the welcome page (closes: #857767). * Switch from gtk2 to gtk3 again (closes: #883364). chromium-browser (63.0.3239.40-1) experimental; urgency=medium . * New upstream beta release. * Disable chromium signin feature. * Fix error in icon installation script. * Update to the latest standards version. * Indicate that the package can be built without root. chromium-browser (63.0.3239.30-1) experimental; urgency=medium . * New upstream beta release. * Install 16 and 32 pixel png icon files (closes: #857071). * Improve description for --temp-profile (closes: #881040). * Document Debian bug reports in the manpage (closes: #880965). * Stricter breaks/replaces to support security uploads (closes: #877970). theano (1.0.2+dfsg-1) unstable; urgency=medium . * New upstream release. * Split up the test suite to avoid running out of memory (workaround for #898126 / LP#1769672), but don't hide output. * Rebuild doc/library/d3viz/*.html, and tell Lintian where their source is. (This is unreproducible as some of them contain profiling output, but we're unreproducible anyway due to uglifyjs.) REMOVED: python-bayespy 0.5.17-1 REMOVED: python-sockjs-tornado 1.0.3-1 REMOVED: linkchecker 9.4.0-1 REMOVED: node-miller-rabin 4.0.1-1 REMOVED: mustang-plug 1.2-1 REMOVED: node-temp 0.8.3-1